Kaspersky Anti-Hacker 静默模式信息泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1193770 漏洞类型 未知
发布时间 2006-08-21 更新时间 2006-08-21
CVE编号 CVE-2006-4265 CNNVD-ID CNNVD-200608-343
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://www.securityfocus.com/bid/83313
https://cxsecurity.com/issue/WLB-2006080136
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-343
|漏洞详情
KasperskyAnti-Hacker1.8.180中,当启用静默模式时,远程攻击者可获得ICMP(1)时间请求和(2)子网掩码请求的响应,这与静默模式的记载行为不符。
|漏洞EXP
Kaspersky personal firewall 1.8.180 in "stealth mode" configuration doesnt detect nor block timestamp and network block ICMP request. They still call it a stealth mode feature, yeah sure ;)

Try: nmap -sP -PE <IP>

namp -sP -PM <IP>
|受影响的产品
Kaspersky Lab Kaspersky Anti-Hacker 1.8.180
|参考资料

来源:BUGTRAQ
名称:20060812KasperskyAnti-Hackerpersonalfirewallunstealthystealthmode
链接:http://www.securityfocus.com/archive/1/archive/1/443180/100/100/threaded
来源:SREASON
名称:1427
链接:http://securityreason.com/securityalert/1427